TokenEndpoint.RefreshTokenValidAfterMultiExchange

Are refresh tokens invalidated after exchanging the same authorization code multiple times

This test checks if refresh tokens are invalidated after exchanging the same authorization code multiple times.

View source code on GitHub

Documents

This test is part of the following document(s):

• The OAuth 2.0 Authorization Framework (RFC6749), section 4.1.2 (should)
• OAuth 2.0 Threat Model and Security Considerations (RFC6819), section 5.2.1.1 (may)
• OAuth 2.0 Security Best Current Practice (draft 25) (SecBCP), section 4.2.4 (should)

Back to the test case overview or the threat overview